Visible to Intel only — GUID: GUID-8A18EA76-2F38-452F-A425-7EF0E915ECEF
Visible to Intel only — GUID: GUID-8A18EA76-2F38-452F-A425-7EF0E915ECEF
Applet Manifest
This page provides an overview of the applet manifest's importance in an applet, and how it controls the applet's access to Intel® Dynamic Application Loader (Intel® DAL) features. For a list of the fields in the manifest, see the Applet Manifest guidelines page.
Every trusted application includes an applet manifest. The manifest is a file that contains the applet's metadata: supported firmware versions, the list of Java* classes the applet has permission to access, the applet's heap size, and so on. Some of the manifest fields are descriptive, while others modify the applet's behavior. The contents of the applet manifest determine whether the applet has permission to access any or all of the other features described in this section.
The contents of the manifest are verified with each signing request, and this information is signed in the trusted application itself.
Some of the manifest fields are available to the host software to identify the trusted application with which it is currently communicating, while some of the fields are internal to help the user notate a project.
The Intel DAL Manifest Editor, which comes as part of the Eclipse plugin, can be used to edit the editable fields in a manifest, if needed. The Intel DAL Manifest Editor checks the validity of each value, and checks compatibility between the firmware version and the API version used in a trusted application.
Trusted Application SKUing
Intel DAL supports trusted application SKU limitations in the trusted application manifest. An applet can be restricted to running only if the system has a PCH listed in in the SKU list, or if the system uses a specific CPU, or on a platform with a specified feature set.
The trusted application manifest is signed, and the enforcement is performed by the firmware so it cannot be circumvented.
A trusted application can be limited to:
- PCH SKU list
- CPU type list (e.g. Intel® vPro™ technology, Intel® Core™ processor)
- Platform-specific feature set (e.g. Intel® Management Engine (Intel® ME) 8-full)
Because each trusted application manifest is signed, this mechanism is more secure than software or installer solutions and cannot be circumvented. See the SKU Matrix section of the Applet Manifest guidelines.
Supported from API level 2